Following the news that Yahoo has begun notifying users about a security breach identified in December, sharing some comment from David Hald, Chief Strategy Office at cloud security company, CensorNet.

David Hald, Chief Strategy Officer, CensorNet:

“This is an issue that Yahoo! knew about last year, so why is it only now informing users? Internet users are shouted at constantly to change their passwords regularly and not reuse them for different accounts. That’s likely to be fairly irrelevant advice now – and has been for some time if this method of attack is anything to go by.

“Passwords are fundamentally broken. They can’t do what they were designed for because technology has moved on and they are too easy to get around. A lot of consumer facing Internet businesses offer two-factor authentication in a variety of forms, but they don’t enforce its use. They should and this incident shows exactly why. In fact, 2FA isn’t enough any more. It’s also a system that we’ve already outgrown and instead need multiple factors to be taken into account for authentication.

“It seems we’re consistently playing catch-up with hackers. We now need to get out in front of the issue and use tools that make it much harder for them to get what they want.”